Login/Register
Keycloak admin client responds with Bad Request to attempt to list realms
Asked Answered
Solved javakeycloak
N

4

5

I am attempting a simple test of the health of a fresh instance of Keycloak (running in a Docker container, it so happens), by trying to list the realms using the Java admin client as the admin user. But this repeatedly fails due to an HTTP 400 Bad Request, apparently when the client is attempting to get an access token. How must I configure Keycloak, or the admin client, to do this simple query?

The stack-trace of the failure is thus:

java.lang.AssertionError: Able to list realms
    at [MyClass].listRealms([MyClass].java:69)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:688)
    [junit stack-trace]
    at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:75)
    at org.eclipse.jdt.internal.junit5.runner.JUnit5TestReference.run(JUnit5TestReference.java:98)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:41)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:542)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:770)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:464)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:210)
Caused by: javax.ws.rs.ProcessingException: javax.ws.rs.BadRequestException: HTTP 400 Bad Request
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:603)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:440)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:149)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
    at com.sun.proxy.$Proxy45.findAll(Unknown Source)
    at [MyClass].listRealms([MyClass].java:67)
    ... 67 more
Caused by: javax.ws.rs.BadRequestException: HTTP 400 Bad Request
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:219)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:195)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:62)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:151)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
    at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
    at com.sun.proxy.$Proxy43.grantToken(Unknown Source)
    at org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:90)
    at org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:70)
    at org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:65)
    at org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:590)
    ... 73 more

The crucial code doing the query is this:

   public void listRealms() {
      try (var keycloak = container.getKeycloakInstance()) {
         final List<RealmRepresentation> realms;
         try {
            realms = keycloak.realms().findAll();
         } catch (final Exception e) {// provide better diagnostics
            throw new AssertionError("Able to list realms", e);
         }
         assertThat(realms, not(empty()));
      }
   }

with the Keycloak instance created thus:

   private static final String ADMIN_USER = "admin";
   private static final String ADMIN_PASSWORD = "letmein";
   private static final String ADMIN_REALM = "master";
   private static final String ADMIN_CLIENT_ID = null;
...
   public Keycloak getKeycloakInstance() {
      return Keycloak.getInstance(getUri().toASCIIString(), ADMIN_REALM,
               ADMIN_USER, ADMIN_PASSWORD, ADMIN_CLIENT_ID);
   }

That test failure happens to be when running the test in Eclipse. But the problem also occurs when I run the test using Maven (that is, using the maven-failsafe-plugin).

The same failure mode (HTTP 400 Bad Request ) also occurs if I

  • use a non existent client ID, rather than a null client ID (I would expect HTTP 404 Not Found in that case)
  • use the wrong password (I would expect HTTP 401 Unauthorized or HTTP 403 Forbidden in that case)

The URL I am using seems to be correct, because if I deliberately use an incorrect URL path I get the expected HTTP 404 Not Found failure mode, and if I deliberately use an incorrect host name I get the expected UnknownHostException.

This problem occurs with Key cloak version 11.0.2 (the current version at the time of writing) and also occurred with version 11.0.0.

Nonplus answered 3/9, 2020 at 9:50 Comment(1)
Try to use admin-cli client and user with proper realm-management roles. Also check Keycloak server logs - you may find there more details about reason for HTTP 400 Bad Request error.Baca
N
2

Although Keycloak automatically creates a master realm, with several client IDs, and you can automate setting up an admin user, its seems you can not use those with the Java admin client. You must instead create (or import) a realm and client ID, which you can then indicate when you create the Keycloak instance. Keycloak will not then complain about a Bad Request.

Nonplus answered 3/9, 2020 at 11:36 Comment(0)
A
5

Also, it is important to have the same keycloak-admin-client and keycloak version.

My problem was that I had Keycloak 22.0.0 and org.keycloak:keycloak-admin-client:22.0.3. That's why I've got 400 Bad Request.

Apocarp answered 20/9, 2023 at 10:6 Comment(2)
Same problem here, accidentally used 22.0.3 client against 21.1.2 server, create user did not work.Tombstone
This was the problem for me as well. Different keycloak server and client versions in use. If anyone doesnt know where to check the keycloak server version the url should be similar to localhost:9990/auth/admin/master/console/#/server-info just replace the port with your keycloak server portMartinez
N
2

Although Keycloak automatically creates a master realm, with several client IDs, and you can automate setting up an admin user, its seems you can not use those with the Java admin client. You must instead create (or import) a realm and client ID, which you can then indicate when you create the Keycloak instance. Keycloak will not then complain about a Bad Request.

Nonplus answered 3/9, 2020 at 11:36 Comment(0)
B
0

I had a similar issue, i suddently started to get 400 BadRequest, on keycloack 23.0.3

> 2023-12-29T12:01:55.422-03:00 ERROR 35264 --- [products-service]
> [nio-8081-exec-6] c.m.p.services.impl.KeycloakServiceImpl  : Error
> searching for users by email: [email protected]
> 
> jakarta.ws.rs.ProcessingException: jakarta.ws.rs.BadRequestException:
> HTTP 400 Bad Request  at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:652)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:424)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:134)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:103)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:61)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> jdk.proxy4/jdk.proxy4.$Proxy219.searchByEmail(Unknown Source) ~[na:na]
>   at
> com.microservicios.productos.services.impl.KeycloakServiceImpl.searchByEmail(KeycloakServiceImpl.java:90)
> ~[classes/:na]    at
> com.microservicios.productos.services.impl.ProductServiceImpl.createProduct(ProductServiceImpl.java:78)
> ~[classes/:na]    at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> ~[na:na]  at
> java.base/java.lang.reflect.Method.invoke(Method.java:578) ~[na:na]
>   at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:352)
> ~[spring-aop-6.1.1.jar:6.1.1]     at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
> ~[spring-aop-6.1.1.jar:6.1.1]     at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> ~[spring-aop-6.1.1.jar:6.1.1]     at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
> ~[spring-aop-6.1.1.jar:6.1.1]     at
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
> ~[spring-tx-6.1.1.jar:6.1.1]  at
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385)
> ~[spring-tx-6.1.1.jar:6.1.1]  at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
> ~[spring-tx-6.1.1.jar:6.1.1]  at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
> ~[spring-aop-6.1.1.jar:6.1.1]     at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
> ~[spring-aop-6.1.1.jar:6.1.1]     at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717)
> ~[spring-aop-6.1.1.jar:6.1.1]     at
> com.microservicios.productos.services.impl.ProductServiceImpl$$SpringCGLIB$$0.createProduct(<generated>)
> ~[classes/:na]    at
> com.microservicios.productos.controllers.ProductController.createProduct(ProductController.java:39)
> ~[classes/:na]    at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> ~[na:na]  at
> java.base/java.lang.reflect.Method.invoke(Method.java:578) ~[na:na]
>   at
> org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:254)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:182)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:118)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:917)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:829)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
> ~[tomcat-embed-core-10.1.16.jar:6.0]  at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
> ~[spring-webmvc-6.1.1.jar:6.1.1]  at
> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
> ~[tomcat-embed-core-10.1.16.jar:6.0]  at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
> ~[tomcat-embed-websocket-10.1.16.jar:10.1.16]     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:128)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:117)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:145)
> ~[spring-security-oauth2-resource-server-6.2.0.jar:6.2.0]     at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
> ~[spring-security-web-6.2.0.jar:6.2.0]    at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
> ~[spring-web-6.1.1.jar:6.1.1]     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> ~[tomcat-embed-core-10.1.16.jar:10.1.16]  at
> java.base/java.lang.Thread.run(Thread.java:1589) ~[na:na] Caused by:
> jakarta.ws.rs.BadRequestException: HTTP 400 Bad Request   at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:236)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:216)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:59)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:136)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:103)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:61)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]    at
> jdk.proxy2/jdk.proxy2.$Proxy183.grantToken(Unknown Source) ~[na:na]
>   at
> org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:99)
> ~[keycloak-admin-client-23.0.3.jar:23.0.3]    at
> org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:75)
> ~[keycloak-admin-client-23.0.3.jar:23.0.3]    at
> org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:70)
> ~[keycloak-admin-client-23.0.3.jar:23.0.3]    at
> org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
> ~[keycloak-admin-client-23.0.3.jar:23.0.3]    at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:644)
> ~[resteasy-client-6.2.4.Final.jar:6.2.4.Final]

Then I realized I accidently turned off the authenticationFLow that I was using for my client. If you have the same issue, make sure you have the correct flow activated.

For example, for this configuration:

> @Configuration public class KeycloackConfig {
>     @Bean
>     Keycloak keycloak() {
>         return KeycloakBuilder.builder()
>                 .serverUrl("http://localhost:8080")
>                 .realm("master")
>                 .clientId("admin-cli")
>                 .grantType(OAuth2Constants.PASSWORD)
>                 .username("admin")
>                 .password("admin")
>                 .build();
>     } }

You must have to activate Direct access grants flow for the admin-cli client in Keycloak. If you are using another type of grant, you must check that the client supports that grant.

Bloemfontein answered 29/12, 2023 at 17:46 Comment(0)
H
0

I was getting a 400 bad request because I was missing the username which is mandatory.

Hylton answered 4/11 at 15:20 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.